Legal claims defining the scope of protection, as filed with the USPTO.
2. The computerized method of claim 1, wherein prior to performing the second malware analysis, modifying a set of predetermined rules associated with the second malware analysis based at least in part on the first context information to produce the modified rule set.
3. The computerized method of claim 1, wherein prior to performing the second malware analysis, activating the additional or different monitors by at least activating a particular set of process monitors based at least in part on the first context information.
5. The computerized method of claim 1, wherein the first context information further includes a result of the first malware analysis, a hash of the object and one or more rules implicated during the first malware analysis.
6. The computerized method of claim 1, wherein the object is a modified object including the first context information.
7. The computerized method of claim 6, wherein the modified object is an email including a modified header of the email including the first context information, the modified object being provided to an agent on an endpoint conducting the second malware analysis of the modified object.
9. The computerized method of claim 1, wherein the vector corresponds to information identifying a manner in which the object entered into the enterprise network.
10. The computerized method of claim 1, wherein the performing of the second malware analysis is conducted based, at least in part, on an origination and object type of the object.
11. The computerized method of claim 9, wherein the vector includes a mode of entry into the enterprise network including (i) email traffic, (ii) network traffic, or (iii) a removable storage device.
13. The non-transitory storage medium of claim 12, wherein the software, prior to performing the second malware analysis, conducts an operation of modifying a set of predetermined rules associated with the second malware analysis based at least in part on the first context information to produce the modified rule set.
14. The non-transitory storage medium of claim 12, wherein the software, prior to performing the second malware analysis, conducts an operation of activating the additional or different monitors by at least activating a particular set of process monitors based at least in part on the first context information.
15. The non-transitory storage medium of claim 12, wherein the software, upon execution by the processor, further obtains additional information detailing performance of the first malware analysis along with the origination information.
16. The non-transitory storage medium of claim 12, wherein the first context information further includes a result of the first malware analysis, a hash of the object, and one or more rules implicated during the first malware analysis.
17. The non-transitory storage medium of claim 12, wherein the obtained object is a modified object including the first context information.
18. The non-transitory storage medium of claim 17, wherein the modified object is an email including a modified header of the email including the first context information, the modified object being provided to an agent on an endpoint conducting the second malware analysis of the modified object.
19. The non-transitory storage medium of claim 12, wherein the vector corresponds to information identifying a manner in which the object entered into the enterprise network.
December 26, 2023